I'm taking part in a #homeworking survey for my company, and one of my recommendations is for home workers to be on the company #VPN (connected to our NAS) because our home network #security can't be guaranteed, we have to rely on storing data on a proprietary cloud storage site etc.
Please share your suggested arguments for (or against) VPN for all home workers.
@syntax corporate laptop + all internal assets only reachable from "inside" + vpn is pretty good. But if there's no management of what apps are installed on the laptop, e.g. remote access malware, it's not going to stop attackers proxying through the vpn-connected laptop and doing what they like.
At least via vpn there are revokable credentials attached to the bad actor. If you monitor if accounts try to do something out of their role, monitor laptop hygiene, it can be part of a secure setup.
#UseTor would be our recommendation.
True, there's overlap. However, Tor/I2P certainly doesn't automatically equal security. I seriously doubt a company sharing sensitive files and communications over Tor is a good idea, not being able to ascertain exit nodes etc. Members of a company don't want/need to be anonymous when communicating with each other, it would be counterintuitive.
You do not need to trust an exitNode; the only thing they see is someone sending a packet to a proxy. It is specifically designed so that people can share sensitive communications and hide them from oppressive govts and the #jeffreyEpsteinClass.
#Tor is designed for #anonymity and I trust it completely. I advocate for #FOSS and run a couple of Tor relays. Some further reading:
The key point here being that the exit node itself doesn't offer a layer of encryption, so the user must be using HTTPS, otherwise packet capturing is a very real threat.
Brilliant. Will read and good to hear.
The threat is the same on the clearnet; HTTP is not secure. Tor has done a lot over the years to ensure HTTPS only. There was an issue recently (that was resolved for niche setups). What we are saying is running an onion service gives everyone great encryption for free.
Similarly, if someone gets HTTPS wrong with a private VPN corporation the effect might still be very bad.
Thanks for the feedback 👍